CVE-2025-23151: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-23151 is a vulnerability discovered in the Linux kernel affecting the MHI (Modem Host Interface) bus subsystem. The vulnerability was disclosed on May 1, 2025, and involves a race condition between unprepare and queue_buf operations (NVD, Debian Tracker).

The vulnerability occurs when a client driver uses mhiunpreparefromtransfer() to quiesce incoming data during tear down while simultaneously processing data through mhiqueuebuf() which invokes mhigentre(). If mhigentre() executes after the channel has been torn down by mhiunpreparefromtransfer(), it can lead to an invalid dereference causing a page fault. This happens because mhigentre() fails to verify the channel state after locking it. According to Red Hat's assessment, this vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Red Hat CVE).

When exploited, this vulnerability can cause a kernel panic due to invalid dereference leading to a page fault, potentially resulting in system crashes and service disruption (NVD).

The vulnerability has been fixed in various Linux distributions. Debian has released fixes in version 6.1.135-1 for bookworm (security) and 6.12.25-1 for sid. Red Hat Enterprise Linux 9 has deferred the fix for both kernel and kernel-rt packages (Debian Tracker, Red Hat CVE).